Use Common Helm Templates (#83)

unikorn-cloud · Jun 18, 2024 · 8545a57 · 8545a57
1 parent 1ef9811
commit 8545a57
Show file tree

Hide file tree

Showing 8 changed files with 21 additions and 121 deletions.
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
@@ -44,6 +44,8 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Touch
       run: make touch
+    - name: Build Helm Chart
+      run: helm dependency update charts/identity
     - name: Golang CI/Helm Lint
       run: make lint
     - name: Build Images

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -39,6 +39,8 @@ jobs:
       run: |
         git config user.name "$GITHUB_ACTOR"
         git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+    - name: Build Helm Chart
+      run: helm dependency update charts/identity
     - name: Release Helm Chart
       uses: unikorn-cloud/chart-release-action@v1
       env:

diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,7 @@
 /bin
 /sboms
+/charts/identity/Chart.lock
+/charts/identity/charts
 *.swp
 cover.out
 cover.html
diff --git a/charts/identity/Chart.yaml b/charts/identity/Chart.yaml
@@ -4,7 +4,12 @@ description: A Helm chart for deploying Unikorn's IdP
 
 type: application
 
-version: v0.2.12
-appVersion: v0.2.12
+version: v0.2.13
+appVersion: v0.2.13
 
 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
+
+dependencies:
+- name: unikorn-common
+  version: v0.1.3
+  repository: https://unikorn-cloud.github.io/helm-common
diff --git a/charts/identity/templates/_helpers.tpl b/charts/identity/templates/_helpers.tpl
@@ -1,77 +1,6 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "unikorn.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "unikorn.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "unikorn.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "unikorn.labels" -}}
-helm.sh/chart: {{ include "unikorn.chart" . }}
-{{ include "unikorn.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "unikorn.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "unikorn.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "unikorn.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "unikorn.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
 {{/*
 Create the container images
 */}}
-{{- define "unikorn.defaultRepositoryPath" -}}
-{{- if .Values.repository }}
-{{- printf "%s/%s" .Values.repository .Values.organization }}
-{{- else }}
-{{- .Values.organization }}
-{{- end }}
-{{- end }}
-
 {{- define "unikorn.image" -}}
 {{- .Values.image | default (printf "%s/unikorn-identity:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
 {{- end }}
@@ -95,33 +24,3 @@ Create image pull secrets
 - name: docker-config
 {{- end }}
 {{- end }}
-
-{{/*
-Creates predicatable Kubernetes name compatible UUIDs from name.
-Note we always start with a letter (kubernetes DNS label requirement),
-group 3 starts with "4" (UUIDv4 aka "random") and group 4 with "8"
-(the variant aka RFC9562).
-*/}}
-{{ define "resource.id" -}}
-{{- $sum := sha256sum . -}}
-{{ printf "f%s-%s-4%s-8%s-%s" (substr 1 8 $sum) (substr 8 12 $sum) (substr 13 16 $sum) (substr 17 20 $sum) (substr 20 32 $sum) }}
-{{- end }}
-
-{{/*
-Abstractions to allow an all-in-one chart
-*/}}
-{{- define "unikorn.identity.host" -}}
-{{- if (and .Values.global .Values.global.identity .Values.global.identity.host) -}}
-{{- .Values.global.identity.host }}
-{{- else }}
-{{- .Values.host }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.ingress.clusterIssuer" -}}
-{{- if (and .Values.global .Values.global.ingress .Values.global.ingress.clusterIssuer) -}}
-{{- .Values.global.ingress.clusterIssuer }}
-{{- else }}
-{{- .Values.ingress.clusterIssuer }}
-{{- end }}
-{{- end }}
diff --git a/charts/identity/templates/identity/deployment.yaml b/charts/identity/templates/identity/deployment.yaml
@@ -22,16 +22,11 @@ spec:
         - --host=https://{{ include "unikorn.identity.host" . }}
         - --jose-tls-secret=unikorn-identity-jose-tls
         - --refresh-token-duration={{ printf "%dh" (mul .Values.issuer.maxTokenDurationDays 24) }}
-        {{- with $cors := .Values.cors }}
-          {{- range $origin := $cors.allowOrigin }}
-            {{ printf "- --cors-allow-origin=%s" $origin | nindent 8 }}
-          {{- end }}
-          {{- if $cors.maxAge }}
-            {{ printf "- --cors-max-age=%s" $cors.maxAge | nindent 8 }}
-          {{- end }}
+        {{- with $cors := ( include "unikorn.cors.flags" . ) -}}
+          {{ $cors | nindent 8 }}
         {{- end }}
-        {{- if .Values.otlpEndpoint }}
-          {{ printf "- --otlp-endpoint=%s" .Values.otlpEndpoint | nindent 8 }}
+        {{- with $otlp := ( include "unikorn.otlp.flags" .) -}}
+          {{ $otlp | nindent 8 }}
         {{- end }}
         ports:
         - name: http

diff --git a/charts/identity/templates/identity/ingress.yaml b/charts/identity/templates/identity/ingress.yaml
@@ -5,10 +5,8 @@ metadata:
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
   annotations:
-  {{- if .Values.ingress.clusterIssuer }}
-    cert-manager.io/cluster-issuer: {{ include "unikorn.ingress.clusterIssuer" . }}
-  {{- else if .Values.ingress.issuer }}
-    cert-manager.io/issuer: {{ .Values.ingress.issuer }}
+  {{- with $clusterIssuer := ( include "unikorn.ingress.clusterIssuer" . ) }}
+    cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
   {{- end }}
   {{- if .Values.ingress.externalDns }}
     external-dns.alpha.kubernetes.io/hostname: {{ include "unikorn.identity.host" . }}

diff --git a/charts/identity/values.yaml b/charts/identity/values.yaml
@@ -29,7 +29,8 @@ projectController:
 
 # Sets the DNS hosts, X.509 certificate subject alternative names and
 # oauth2 issuer etc.
-host: identity.acme.org
+identity:
+  host: identity.acme.org
 
 # Issuer related configuration.
 issuer:
@@ -93,10 +94,6 @@ ingress:
   # Sets the ingress class to use.
   class: ~
 
-  # Cert Manager certificate issuer to use.  If not specified it will generate a
-  # self signed one.
-  issuer: ~
-
   # clusterIssuer to use.
   # This defaults to the self-signed CA defined in Unikorn core.
   clusterIssuer: unikorn-issuer